logcheck ignore and violation rules are not matching on alternate policy banks
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
amavisd-new (Ubuntu) |
New
|
Low
|
Unassigned |
Bug Description
The logcheck ignore and violation rules works well when using only the default policy bank but they fail to match alternate policy banks log messages. Here is an example of one log that should have match (but didn't) :
Sep 29 00:02:10 www amavis[25415]: (25415-05) Passed CLEAN, DKIM LOCAL [172.16.22.1] [172.16.22.1] <email address hidden> -> <email address hidden>, Message-ID: <email address hidden>, mail_id: izycyafCDlfx, Hits: -8.404, size: 1648, queued_as: 8C34C5EDC, 3942 ms
Here the problematic fields are the "DKIM" and the "LOCAL" that indicates the message was handled by the "DKIM" policy bank and originated from a local network.
This at least affects Lucid's and Natty's amavisd-new packages.
What I would suggest is to replace this ignore rules (and all other similar) :
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\ [[[:digit: ]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[: xdigit: ]]+\]){ 0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+ |sfid-[ _[:xdigit: ]]+)\)) ?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
with :
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\ [[[:digit: ]]+\]: \([-[:digit:]]+\) Passed CLEAN,( [-[:alnum:]]+)?( LOCAL)?( \[[.:[: xdigit: ]]+\]){ 0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+ |sfid-[ _[:xdigit: ]]+)\)) ?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$